Application Papers

9) D The specification is objected to by the Examiner. 
Response to Amendment


1. Applicant's request for reconsideration filed on 12/21/2005 has been reviewed. 

2. Amendment filed on 12/21/2005 (including amendment to the claims) has been entered. 

3. Applicant's arguments filed on 12/21/2005 have been fully considered but they are not 
persuasive. 

4. The applicant contends, "As per claims 1 and 39, Cohen et al., Moriconi et al. and Gavrila et al. 
do not teach storing database user authorization in a central directory that is connected to one or more 
databases, the database user authorization comprising a user role, the user role comprising one or more 
privileges." 

The examiner disagrees and would like to point out that Cohen et al. teach that according to the 
invention, the single sign-on mechanism preferably uses a "data model" where information used to sign 
on to applications is kept in two separate databases. The first database is the PKM 24, which is
preferably a global database and is thus accessible from all client machines in a given domain. The PKM 
24, as noted above, keeps user configuration information. The second database is the CIM 22, which is 
preferably a local database and is thus accessible only from the current client machine. The CIM need 
not be merely a local database, however. Each client machine from which the SSO support is provided 
runs a CIM. Thus, multiple instances of CIM 22 are illustrated in FIG. 2. Likewise, each client machine 
preferably also runs an instance of the logon coordinator 26. Thus, for example, the PKM 24 contains 
user-specific application data, which includes: Target name - uniquely identifying a user "target"; Target
type - specifies what type of "application" this target is; Domain/Host/Application name - specifies
application information, specific for this target; User ID - specifies user id on target; Key information -
specifies the user's key (password) on the target; User preferences - specifies user specific information for
this target; and Preferred program name - specifies a preferred CIM entry to use with this target (fig. 2, col.
5, lines 16-44, Cohen et al.).

Moriconi et al. teach that an object, such as an application or a database, typically has its own list of 
users. These are users who can log on to the object and be authenticated by the objects, sometimes 
through an external authentication server. In a large system, users are preferably maintained separately 
by one or more directory servers. Users are preferably extracted from objects or directory servers, and
are maintained up-to-date by synchronizing with these objects and directory servers (col. 7, lines 4-11, 
Moriconi et al.). Moriconi et al. also teach that users of an object may be defined as being local to that 
object. In a typical system, the same user is often represented by different login identifications in different 
objects. This system may support the notion of a "global" user to capture this situation. Every global user 
is mapped to a set of local users, one per object. Global users facilitate the centralized management of 
users throughout the system, even if they are identified by different names in different objects (col. 7, 
lines 25-33, Moriconi et al.). Moriconi et al. teach that a privilege defines the kinds of access that may be 
allowed on objects. In the preferred embodiment, a privilege is the right to perform a particular action on 
a specific object. The kinds of privileges that apply to an object depend on the type of the object. 
Examples of privileges include the right to execute an application, the right to download a web page, the 
right to query a database table, or the right to view a menu item. Privileges are granted to users so they 
can accomplish tasks required for their job. A privilege should be granted to a user only when it is 
absolutely required for the user to accomplish a task. Excessive granting of unnecessary privileges may 
lead to compromised security. A user may receive a privilege in two different ways: privileges can be
granted to users explicitly (for example, user SMITH can be granted the privilege to execute the payroll 
application), or privileges can be granted to a role (a named group of privileges), which is then granted to 
one or more users (for example, a role named "clerk" can be granted the privilege to execute the payroll 
application, and user SMITH can be granted the clerk role). Roles are named groups of privileges that are 
granted to users or other roles. Users granted to a role are the members of that role. A role is often used 
to represent the set of privileges needed to perform a job function. The members of a role automatically 
inherit all the privileges granted or denied to the role (col. 7, lines 34-60, Moriconi et al.).

5. The applicant contends, "The office action has not identified where a motivation to combine
Cohen and Moriconi can be found." 

In response to applicant's argument that there is no suggestion to combine the references, the examiner 
recognizes that obviousness can only be established by combining or modifying the teachings of the prior 
art to produce the claimed invention where there is some teaching, suggestion, or motivation to do so 
found either in the references themselves or in the knowledge generally available to one of ordinary skill
in the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 
F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, Cohen et al. teach a single sign-on 
mechanism to enable a given user to access a target application on a target resource in a distributed 
computer enterprise. One or more configuration directives each identifying a given logon process and any 
associated methods required to access the target application on the target resource are stored in a global 
accessible database (abstract, Cohen et al.). Moriconi et al. teach a system and method for maintaining 
security in a distributed computing environment that comprises a policy manager located on a server and 
a global policy that specifies access privileges of the user to securable components. The policy manager
distributes a local client policy based on the global policy to the client (abstract, Moriconi et al.). 
Combining Cohen et al. and Moriconi et al. references would provide the opportunity to provide additional 
global security in protecting the data using different roles for different users. 

6. The applicant contends, "As per claim 19, impermissible hindsight is applied in the office action 
for providing reasons to combine four references." 

The examiner disagrees and would like to point out that so long as it takes into account only knowledge 
which was within the level of ordinary skill at the time the claimed invention was made, and does not 
include knowledge gleaned only from the applicant's disclosure, such a reconstruction is proper. See In 
re McLaughlin, 443 F.2d 1392, 170 USPQ 209 (CCPA 1971). 

Claim Rejections - 35 USC §103 

7. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

8. The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), 
that are applied for establishing a background for determining obviousness under 35 U.S.C. 103(a) are 
summarized as follows: 



Application/Control Number: 10/084,880 Page 5 

Art Unit: 2138 

1. Determining the scope and contents of the prior art.

2. Ascertaining the differences between the prior art and the claims at issue. 

3. Resolving the level of ordinary skill in the pertinent art. 

4. Considering objective evidence present in the application indicating obviousness or 
nonobviousness. 

9. Claim 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over Cohen et al. (US 
6,178,511 B1) in view of Moriconi et al. (US 6,158,010). For details, please see the office action mailed
on 09/19/2005. 

10. Claims 2-4, 11, 12, 13, 14, 15, 16, 17, 18 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Cohen et al. (US 6,178,511 B1) and Moriconi et al. (US 6,158,010) as applied to claim 
1 above, and further in view of Ferguson et al. (US 2002/0082818 A1). For details, please see the office 
action mailed on 09/19/2005. 

11. Claims 5-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cohen et al. (US 
6,178,511 B1), Moriconi et al. (US 6,158,010) and Ferguson et al. (US 2002/0082818 A1) as applied to
claim 4 above, and further in view of Gavrila et al. (US 2002/0026592 A1). For details, please see the
office action mailed on 09/19/2005. 

12. Claims 19-38 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cohen et al. (US 
6,178,511 B1) in view of Moriconi et al. (US 6,158,010), Ferguson et al. (US 2002/0082818 A1) and
Gavrila et al. (US 2002/0026592 A1). For details, please see the office action mailed on 09/19/2005. 

13. Claim 39 is rejected under 35 U.S.C. 103(a) as being unpatentable over Cohen et al. (US 
6,178,511 B1) in view of Moriconi et al. (US 6,158,010) and Gavrila et al. (US 2002/0026592 A1). For
details, please see the office action mailed on 09/19/2005. 

14. Claims 40-42, 44-51 are rejected under 35 U.S.C. 103(a) as being unpatentable over Cohen et al. 
(US 6,178,511 B1), Moriconi et al. (US 6,158,010) and Gavrila et al. (US 2002/0026592 A1) as applied to 
claim 39 above, and further in view of Ferguson et al. (US 2002/0082818 A1). For details, please see the
office action mailed on 09/19/2005. 

Conclusion 

15. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy as set forth 
in 37 CFR 1.136(a).

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory action
is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the mailing date of this final action.

Any inquiry concerning this communication or earlier communications from the examiner should
be directed to Dipakkumar Gandhi whose telephone number is 571-272-3822. The examiner can 
normally be reached on 8:30 AM - 5:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Albert Decady can be reached on (571) 272-3819. The fax phone number for the organization where this 
application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC)
at 866-217-9197 (toll-free). 





Dipakkumar Gandhi 
Patent Examiner 



